Hello John,
In GCP, you can restrict the access using App Engine firewall rules. As it accepts only the IP range, this might not be useful in your case. However, I think you can configure the app's landing page simply perform a request check and make sure it's from that domain [1] before allowing it (otherwise redirect to an error page). Alternatively, it might be possible to set some sort of authentication string in a post payload to determine eligibility (similarly if the string is not there, simply redirect to error page). I hope it helps. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer On Monday, January 6, 2020 at 4:31:15 PM UTC-5, Mapperkids wrote: > > Hi, > > We want to set up our app engine to only allow access from specific public > domain like www.whatever.com ( it is an external public available > website), how can I do that which is not by IP range level so I can't do it > using the app engine firewall setting. > > Our app is written in Python and the app engine services are in both > standard / flex environment. > > The flow will be like someone clicking a link on the www.whatever.com and > it will redirect to our app front end to show a page, but we would like to > make sure the request is come from www.whatever.com otherwise, should > give them like 500 server error or something. > > > Any ideas how can I do that? > > Thanks in advance. > John > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/555cdec1-c694-4535-8ae1-24aaf26b0400%40googlegroups.com.
